• chevron_right

      Netflix lands its first big-name games with Grand Theft Auto trilogy / ArsTechnica · Wednesday, 29 November - 22:14

    A logo for the enhanced edition of the GTA trilogy, next to cover artwork from the three games

    Enlarge / The enhanced edition trilogy includes Grand Theft Auto 3 , Grand Theft Auto Vice City , and Grand Theft Auto San Andreas . (credit: Rockstar Games)

    Netflix subscribers will be able to play the three original 3D Grand Theft Auto games on iOS and Android starting in December, according to a blog post from the streamer.

    The titles included are 2001's Grand Theft Auto III , 2002's Grand Theft Auto: Vice City , and 2004's Grand Theft Auto: San Andreas .

    All three released initially on the PS2 and Xbox. The first 3D entry in the series, Grand Theft Auto III , was a crossover cultural sensation when it debuted, and it is credited as one of the main originators of the open-world genre, which remains one of the most popular genres in triple-A games to this day.

    Read 9 remaining paragraphs | Comments

    • chevron_right

      Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS / ArsTechnica · Thursday, 7 September - 22:47

    Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS

    Enlarge (credit: Apple)

    Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

    The CVE-2023-41064 and CVE-2023-41061 flaws were reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Also dubbed "BLASTPASS," Citizen Lab says that the bugs are serious because they can be exploited just by loading an image or attachment, which happens regularly in Safari, Messages, WhatsApp, and other first- and third-party apps. These bugs are also called "zero-click" or "clickless" vulnerabilities.

    Citizen Lab also said that the BLASTPASS bug was "being used to deliver NSO Group’s Pegasus mercenary spyware ," the latest in a long line of similar exploits that have been used to infect fully patched iOS and Android devices.

    Read 3 remaining paragraphs | Comments

    • chevron_right

      Apple releases iOS, iPadOS, and macOS updates to fix bugs and shore up security / ArsTechnica · Monday, 24 July, 2023 - 19:29 · 1 minute

    Macs running macOS Ventura.

    Enlarge / Macs running macOS Ventura. (credit: Apple)

    Apple's iOS 16, iPadOS 16, and macOS 13 operating systems are all due to be replaced with new versions in the next two or three months, but some bugs can't wait for a whole new release. The company has released iOS/iPadOS 16.6 and macOS 13.5 to fix several "actively exploited" security bugs, plus a handful of other security fixes for problems that have been reported to Apple but aren't being exploited in the wild yet. The release notes also mention unspecified "bug fixes" for each OS.

    The new updates don't add anything by way of new features—at least, there aren't any mentioned in the release notes. This will likely be the case for most iOS 16 and macOS 13 Ventura updates going forward, as Apple shifts its focus to newer operating systems. The iOS/iPadOS 17 and macOS 14 Sonoma updates should be available in September or October, if Apple sticks to its historical release schedule. The public betas were released earlier this month.

    Several of the security fixes in these updates were originally part of a Rapid Response security update for iOS 16.5.1 and macOS 13.4.1. The original version of that update was pulled post-release after it broke a few major websites on devices that installed it, but a working version with the same fixes was released soon after.

    Read 2 remaining paragraphs | Comments

    • chevron_right

      iOS 16.4.1 and macOS 13.3.1 address two security vulnerabilities / ArsTechnica · Friday, 7 April, 2023 - 20:41

    Three iPhones on a wooden picnic bench, with prominent cameras visible

    Enlarge / The backs of the iPhone 14, iPhone 14 Pro, and iPhone 14 Pro Max. (credit: Samuel Axon)

    Apple has released bug fix and security updates for several of its operating systems, including iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1.

    The iOS and iPadOS updates don't add any new features. Their main purpose is to address two separate major security vulnerabilities, and the release notes include two big fixes.

    Apple details the bug fixes as follows:

    Read 4 remaining paragraphs | Comments

    • chevron_right

      Apple rolls out iOS 16.4 and macOS Ventura 13.3 with new emoji and features / ArsTechnica · Monday, 27 March, 2023 - 19:33

    The 2021, 24-inch iMac with Apple's M1.

    Enlarge / The 2021, 24-inch iMac with Apple's M1. (credit: Samuel Axon)

    Apple released new updates for most of its software platforms today, including macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4.

    These are all feature updates, meaning they actually add new functionality in addition to fixing bugs or addressing security vulnerabilities.

    iOS and iPadOS 16.4 add a number of minor features. The headliner is (of course) 21 new emojis, like new heart colors, additional animals, and a shaking head. Beyond that, though, Apple says you'll see improved voice isolation on phone calls, support for notifications from web apps that have been added to your phone's home screen, new ways to weed out duplicates in your Photos library, and a number of bug fixes.

    Read 4 remaining paragraphs | Comments

    • chevron_right

      20 years later, Second Life is launching on mobile / ArsTechnica · Thursday, 16 March, 2023 - 12:28

    Second Life mobile preview.

    Remember Second Life ? The virtual world launched on the desktop web back in 2003 with 3D avatars and spaces for various social activities. Believe it or not, it has been running continually this entire time—and now it's coming to mobile for the first time.

    In fact, this will be the first time that Second Life has expanded beyond the PC (across Windows, macOS, and Linux) in any form.

    In a post to the virtual world's community web forum , a community manager for Second Life developer Linden Lab shared a video with some details about the mobile version's development, and announced that a beta version of the mobile app will launch sometime this year.

    Read 5 remaining paragraphs | Comments

    • chevron_right

      Apple Patches iPhone Zero-Day / Schneier · Thursday, 15 December, 2022 - 16:43

    The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.”

    News :

    Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

    WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses.

    • chevron_right

      Apple’s Lockdown Mode / Schneier · Sunday, 31 July, 2022 - 18:21 · 1 minute

    I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:

    Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

    At launch, Lockdown Mode includes the following protections:

    • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
    • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
    • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
    • Wired connections with a computer or accessory are blocked when iPhone is locked.
    • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

    What Apple has done here is really interesting. It’s common to trade security off for usability, and the results of that are all over Apple’s operating systems—and everywhere else on the Internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.

    There aren’t a lot of people who need Lockdown Mode, but it’s an excellent option for those who do.

    News article .

    EDITED TO ADD (7/31): An analysis of the effect of Lockdown Mode on Safari.